Configuring the ping-auth plugin in Konnect - PingOne Services - PingOne - PingOne Authorize - PingOne Cloud Platform


After you’ve uploaded the ping-auth plugin’s schema to Konnect, configure the plugin in Gateway Manager, or use the Kong API.

CAUTION:

Test the operation of the ping-auth plugin before you use it in production.

Configuring the plugin using the Gateway Manager UI

  1. In Gateway Manager, open Plugins from the side navigation, then click New Plugin.
  2. On the Custom Plugins tab, click the ping-auth plugin.
  3. Optional: To enable the plugin for specific consumers, services, or routes, click Scoped, and then enter Service, Route, and Consumer information.
  4. In the Service Url field, enter the API gateway service URL that you saved when you prepared PingOne Authorize for Konnect integration.
  5. In the Shared Secret field, enter the credential that you saved earlier.
    Screen capture of the Kong Konnect configure plugin screen showing configuration credentials.
  6. Configure the following additional fields:
    | Option | API Field Name | Description |
    | --- | --- | --- |
    | Connection KeepAlive Ms | connection_keepAlive_ms | The duration, in milliseconds, to keep the connection alive for reuse. The default is 60000. |
    | Connection Timeout Ms | connection_timeout_ms | The duration, in milliseconds, to wait before the connection times out. The default is 10000. |
    | Enable Debug Logging | enable_debug_logging | Controls whether requests and responses are logged at the debug level. The default is false. For log messages to show in error.log, you must set log_level = debug in kong.conf. |
    | Verify Service Certificate | verify_service_certificate | Controls whether the service certificate is verified. The default is true. Setting this to false is intended for testing purposes. |

  7. Click Save.

Kong Konnect is now configured to work with PingOne Authorize.

Configuring the plugin using the Kong API

  1. Send the following in a POST request to https://{region}.api.konghq.com/konnect-api/api/runtime_groups/{controlPlaneId}/plugins:
    {
      "name": "ping-auth",
      "enabled": true,
      "config": {
        "enable_debug_logging": true,
        "verify_service_certificate": false,
        "secret_header_name": "<shared secret header name>",
        "service_url": "https://<PingOne Server hostname>",
        "shared_secret": "<shared secret>"
      }
    }

    The following fields are required for this API request:

    secret_header_name
        The header name in which the shared secret is provided. You can provide additional configuration in accordance with the Kong API specification.
    service_url
        The full service URL of the API gateway in PingOne.
    shared_secret
        The shared secret value to authenticate this plugin to PingOne.

    Tip: You saved these credentials when you prepared PingOne Authorize for Konnect integration. To find the credentials in PingOne, go to Authorization > API Gateways.

  2. Optional: Configure additional fields:
    | Option | API Field Name | Description |
    | --- | --- | --- |
    | Connection KeepAlive Ms | connection_keepAlive_ms | The duration, in milliseconds, to keep the connection alive for reuse. The default is 60000. |
    | Connection Timeout Ms | connection_timeout_ms | The duration, in milliseconds, to wait before the connection times out. The default is 10000. |
    | Enable Debug Logging | enable_debug_logging | Controls whether requests and responses are logged at the debug level. The default is false. For log messages to show in error.log, you must set log_level = debug in kong.conf. |
    | Verify Service Certificate | verify_service_certificate | Controls whether the service certificate is verified. The default is true. Setting this to false is intended for testing purposes. |

Kong Konnect is now configured to work with PingOne Authorize.
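
The sample request body above enables debug logging and turns off certificate verification, both of which the field descriptions treat as non-default settings. The following pre-flight check is an added example, not Ping Identity or Kong code: it lints a ping-auth payload before it is sent to a production control plane. The function name, the https requirement, and the values in HARDENED are assumptions made for illustration.

```python
from urllib.parse import urlparse

REQUIRED = ("secret_header_name", "service_url", "shared_secret")
# Defaults as documented on this page.
DEFAULTS = {"connection_keepAlive_ms": 60000, "connection_timeout_ms": 10000,
            "enable_debug_logging": False, "verify_service_certificate": True}

def lint_ping_auth(payload):
    """Return a list of findings; an empty list means the payload passed."""
    findings = []
    if payload.get("name") != "ping-auth":
        findings.append("name: expected 'ping-auth'")
    supplied = payload.get("config") or {}
    for field in REQUIRED:
        value = supplied.get(field)
        # Unfilled <placeholder> values copied from the sample count as missing.
        if not isinstance(value, str) or not value.strip() or "<" in value:
            findings.append(f"{field}: required value missing or still a placeholder")
    cfg = {**DEFAULTS, **supplied}
    url = cfg.get("service_url")
    # Assumption of this example: the shared secret is sent in a header, so require TLS.
    if isinstance(url, str) and urlparse(url).scheme != "https":
        findings.append("service_url: must use https")
    if cfg["verify_service_certificate"] is not True:
        findings.append("verify_service_certificate: disabled, testing only")
    if cfg["enable_debug_logging"] is not False:
        findings.append("enable_debug_logging: requests and responses will be logged")
    for field in ("connection_keepAlive_ms", "connection_timeout_ms"):
        value = cfg[field]
        if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
            findings.append(f"{field}: expected a positive integer (milliseconds)")
    return findings

# The request body from this page, with its placeholders left as published.
PAGE_SAMPLE = {"name": "ping-auth", "enabled": True, "config": {
    "enable_debug_logging": True, "verify_service_certificate": False,
    "secret_header_name": "<shared secret header name>",
    "service_url": "https://<PingOne Server hostname>",
    "shared_secret": "<shared secret>"}}

# Constructed values for illustration only; optional fields fall back to defaults.
HARDENED = {"name": "ping-auth", "enabled": True, "config": {
    "secret_header_name": "X-Example-Gateway-Secret",
    "service_url": "https://authorize.example.com/gateway",
    "shared_secret": "example-not-a-real-secret"}}

if __name__ == "__main__":
    for label, body in (("page sample", PAGE_SAMPLE), ("hardened", HARDENED)):
        print(label, lint_ping_auth(body) or "OK")
```

Run it in CI or a deployment script and refuse to POST the payload when the returned list is not empty.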